Currently, the encrypted slatepack output has different length depending on at which step the slatepack is. Moreover, the length depends on the number of inputs/outputs the transaction has. This can leak information about the progress of a transaction if slatepacks were public. We could see that a slatepack with a single signature was published and soon a transaction appeared which allows us to link the transaction with a slatepack. It doesn't tell us much, but it shows some patterns that may show some timing correlations between steps or similar.
To combat this we'd have to make the encrypted messages of the same length. This could be done by introducing a new field e.g. lorem_ipsum that would hold dummy data. We could agree every slatepack needs to be of length N and fill this dummy field accordingly. Another option would be to introduce a wrapper around the slatepack that is another encryption e.g. BEGINFACELESS. asdasdasd .ENDFACELESS which would encode something like
{
"version": 1,
"lorem_ipsum": "asdfasdfasdf",
"slatepack": "BEGINSLATEPACK . asdfasdfsafasd ... .... . ENDSLATEPACK",
}
Both options would make every encrypted slatepack look the same regardless of the step it is at. We can then publish these publicly with a guarantee that there won't be any patterns between them except for timings.
Slatepacks are already very good at hiding the information, having them all look the same might push this even further.
The field we introduced makes us transfer garbage data which is bad for bandwidth. But it might be worth the privacy increase. In the worst case, we'd add 2x slatepack size which is a constant factor. So both the store and the users scanning are hit with a constant factor which means it's not that bad even if we had thousands of these.
The length of
lorem_ipsumshould not be a constant but it should have a reasonable maximum and a minimum of 0 imo.